Many years ago I installed Enigmail/OpenPGP in Thunderbird, set up a passphrase, saved a revocation file, posted my key somewhere public, and did a few tests, and that was about it. That was at least 1 or 2 laptops ago, and probably in Win7Pro (now on Win10Pro). For years TB has complained that Enigmail is unavailable, so I hit cancel and moved on. Now, in the new year, I decided to sort it out if possible after I came across a key expiration email from keyserver.paulfurley.com from 2018, and want to see if I can recover my original passphrase ... I sort of remember the gist of it. I still have the revocation file. I wonder if I can try to enter passphrases to recover the one I originally used? Verify it against something? Thanks from an encryption newbie.
Last edit: ClaBrown 2020-01-02
You can certainly try, but it may be easier and better to just write off
the old certificate as a lost cause and start over with creating a new
one. :)
If you try to sign a message that you send to yourself, or if you try to change the passphrase of the key, then gpg will ask you for your passphrase. You can try 3 times until gpg gives up. If you didn't use the correct passphrase you can repeat the operation as often as you like.
Is there any way to ask the public "KeyVerse" if there is anything still saved out there for my email? Will making a new one erase any existing ones automatically? ...
There is not, and it will not.
Rob, thanks ... so if I follow your advice to just create a new one for my email, and an old one is saved, what will keep people from trying to verify me, but finding an old copy saved on a public key server and failing since it doesn't match the new one?
They'll send you a follow-up email with, "Did you change your
certificate?" and you'll tell them, "yes, I forgot the passphrase for
the old one. Here, have a copy of a revocation certificate for the old
one. In the future, please use my new certificate, which I'm attaching
to this email."
Your key is already on the keyserver. But do people use it to send you encrypted mails? I don't expect so.
Alternatively, if you use keys.openpgp.org, you can the single new valid key.
uhh. I can "what" the single new valid key?
sorry, I should not write mails from my mobile when sitting in a bus ;-)
keys.openpgp.org lets you specify which key to publish. You can also delete keys from that keyserver. That's why I prefer it over the classical keyservers.
Well, thanks for helping, no matter where you're responding from. I have no idea where I published the original keys to, other than I was basically stepping through the Enigmail setup with TBird. One of the servers must have been keyserver.paulfurley.com since it told me they were expiring, but I don't remember "picking" it specifically. Too bad it's not like DNS where there's a root that everything propagates from. Is there any way to look in Enigmail to see where all it might have published my keys to? Or would it basically be, make a list of keyservers and then ask each one?